README

Тестовые файлы можно найти в папке samples:

• *.original - оригинальный файл;
• *.key - ключ для шифрования (дешифрования) - mediaKey;
• *.encrypted - зашифрованный файл;
• *.sidecar - информация для стриминга.

Шифрование

1. Generate your own mediaKey, which needs to be 32 bytes, or use an existing one when available.
2. Expand it to 112 bytes using HKDF with SHA-256 and type-specific application info (see below). Call this value mediaKeyExpanded.
3. Split mediaKeyExpanded into:
   • iv: mediaKeyExpanded[:16]
   • cipherKey: mediaKeyExpanded[16:48]
   • macKey: mediaKeyExpanded[48:80]
   • refKey: mediaKeyExpanded[80:] (not used)
4. Encrypt the file with AES-CBC using cipherKey and iv, pad it and call it enc.
5. Sign iv + enc with macKey using HMAC SHA-256 and store the first 10 bytes of the hash as mac.
6. Append mac to the enc to obtain the result.

Дешифрование

1. Obtain mediaKey.
2. Expand it to 112 bytes using HKDF with SHA-256 and type-specific application info (see below). Call this value mediaKeyExpanded.
3. Split mediaKeyExpanded into:
   • iv: mediaKeyExpanded[:16]
   • cipherKey: mediaKeyExpanded[16:48]
   • macKey: mediaKeyExpanded[48:80]
   • refKey: mediaKeyExpanded[80:] (not used)
4. Obtain encrypted media data and split it into:
   • file: mediaData[:-10]
   • mac: mediaData[-10:]
5. Validate media data with HMAC by signing iv + file with macKey using SHA-256. Take in mind that mac is truncated to 10 bytes, so you should compare only the first 10 bytes.
6. Decrypt file with AES-CBC using cipherKey and iv, and unpad it to obtain the result.

Установка

composer require vandalorumrex/crypt